An attacker drained funds from users who had previously made infinite approvals to a Socket contract.
Cross-chain protocol Socket has been exploited, and $3.3 million has been drained from contracts associated with it, according to a Jan. 16 social media post from the team. Socket has paused all contracts to prevent further losses.
“Urgent. Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts,” the post stated. “We have identified the issue & have paused the affected contracts.”
Socket is a cross-chain infrastructure protocol used by many Web3 apps, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance and Level Finance.
Read more
Source: https://cointelegraph.com/news/socket-protocol-loses-3-3-million-confirmed-approval-exploit